Technical Field
This invention generally relates to password-based authentication in data processing systems whereby access to a resource is controlled in dependence on authentication of user passwords. Multi-server systems are provided for authenticating user passwords, together with corresponding methods, component servers and computer programs for configuring the servers.
Description of the Related Art
Passwords are the most prevalent mechanism for user authentication in data processing systems. For a long time, phishing attacks and keystroke-logging malware on user computers were the preferred methods for hackers to capture large numbers of user passwords. More recently, however, the main risk to password security seems to stem from server compromise. In 2012 alone, tens of millions of passwords were reported lost in this way, with major data breaches occurring at various popular websites.
In conventional password-based authentication systems, users connect to a server which controls access to the protected resource and maintains a database of user IDs, e.g., user names, with their associated user passwords stored in hashed form. On receipt of a user ID and input password, the access control server hashes the input password and checks whether the result equals the stored password-hash for that user. However, all password-hashes can be stolen by hacking the access control server (or associated password-hash database). Storing passwords in hashed form offers little protection due to the efficiency of offline attacks using dictionaries or brute-forcing of the message space. The National Institute of Standards and Technology has estimated that human-memorizable passwords of even sixteen characters in length have only 30 bits of entropy, corresponding to about one billion possible combinations. With current graphics processors that can test more than eight billion combinations per second, security should be considered lost as soon as an offline attack can be mounted against the password data.
To reduce exposure to offline attacks through server compromise, password-based authentication can be performed by a plurality of servers. Authentication protocols in which the password-based authentication data is split between multiple servers are known, for example, as part of authenticated key-exchange or authenticated secret-sharing protocols. Prior multi-server password-authentication systems require the user computer to interact with all servers in the authentication protocol, since information from all servers is required for authentication. Two-server password-based authentication systems are also known. “RSA Distributed Credential Protection”, RSA Security, Whitepaper 2012, describes an example of such a system. Here, the password-based authentication data is split between two servers. The user sends her password, in randomized and split form, to the two servers, which then interact to verify the password, granting access if the password is correct.
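The contrast between a single hashed-password database and password data split between two servers can be shown with a simplified model. This is an added illustration, not part of the original text and not the RSA protocol or any system described here; the names `Server`, `register`, `login` and `offline_check`, the XOR splitting and the PBKDF2 parameters are all assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets

def pw_hash(user, password):
    # Stand-in password hash (assumed parameters; user ID used as salt for brevity).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Server:
    """Hypothetical authentication server holding one share per user."""
    def __init__(self):
        self.shares = {}

def register(user, password, s1, s2):
    # Split the password hash h into two shares: h XOR r and r.
    h = pw_hash(user, password)
    r = secrets.token_bytes(len(h))
    s1.shares[user] = xor(h, r)
    s2.shares[user] = r

def login(user, password, s1, s2):
    # Client side: randomize and split the input password's hash.
    h_in = pw_hash(user, password)
    t = secrets.token_bytes(len(h_in))
    msg1, msg2 = xor(h_in, t), t
    # Each server combines the message it received with its stored share.
    a = xor(msg1, s1.shares[user])   # h_in ^ t ^ h ^ r
    b = xor(msg2, s2.shares[user])   # t ^ r
    # Stand-in for the server-to-server interaction: a == b iff h_in == h.
    return hmac.compare_digest(a, b)

def offline_check(stolen_value, user, guess):
    # What a stolen record permits: testing a guess with no server involved.
    return hmac.compare_digest(stolen_value, pw_hash(user, guess))

if __name__ == "__main__":
    s1, s2 = Server(), Server()
    register("alice", "correct horse", s1, s2)      # constructed sample account
    print("login ok:", login("alice", "correct horse", s1, s2))
    print("login bad:", login("alice", "wrong", s1, s2))
    conventional_record = pw_hash("alice", "correct horse")
    print("hash record verifies guess:",
          offline_check(conventional_record, "alice", "correct horse"))
    print("single share verifies guess:",
          offline_check(s1.shares["alice"], "alice", "correct horse"))
```

A stolen conventional record confirms a correct guess offline, whereas either share alone is a uniformly random value that confirms nothing, so guesses can only be tested with both servers' data.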
Improvements in multi-server password authentication systems would be highly desirable.